[Cryptography] client certificates ... as opposed to password hashing
Joe St Sauver
joe at oregon.uoregon.edu
Tue May 27 11:04:05 EDT 2014
Hi,
Tony commented:
#That's great... so what's the problem? User experience
#
#Client certificate UX is terrible in all browsers. Worse, it's inconsistent
#between browsers. Managing certificates is terrible. Hell, browsers can't
#even decide whether or not they should use the system trust store or their
#own.
I'd distinguish between two phases when it comes to client certs:
provisioning, and routine use.
No question about it, provisioning is currently painful, although there are
some commercial tools (Cloudpath ExpressConnect and SecureW2, for example)
that have been putting a lot of effort into making cert installation a lot
less painful, and the Internet2 community has also has been working on
InCert, an open source option (see https://github.com/Internet2/incert and
http://www.internet2.edu/vision-initiatives/initiatives/trusted-identity-education/incert/#incert-overview
Or, for that matter, a determined individual can just do it the "hard way,"
as described in
http://pages.uoregon.edu/joe/secprof2012/sec-prof-2012-client-certs.pdf
The key point about provisioning is that it's a comparatively rare event for
most users (e.g., annual, worst case) and if you only use a single device
(e.g., one laptop you use for everything), it isn't too bad.
If you have multiple accounts and multiple devices, it gets harder, due to
the need to move more certs around to keep everything sync'd, or the need
to use a different deployment model (e.g., instead of one cert everywhere,
perhaps a different cert on each device, a model that obviously falls apart
for encryption rather than just signing and authentication)
But what about routine use? *If* all the user is doing is S/MIME, and
everyone uses the same key for signing as for encryption, key exchange
via signed messages works okay, and most popular email IMAP clients
support S/MIME and you can even use something like Penango for web email
(free for free Gmail account users). That largely just works.
HOWEVER, routine use gets harder when:
-- you're trying to more than just S/MIME
-- you're trying to work beyond just the enterprise, and there's no
global directory
-- you have multiple client certs (e.g., a non-repudiable signing cert
and an escrowed encryption cert, perhaps)
-- you want to use smartcards or USB-format PKI hard tokens to store your
certificates
What's really missing to-date has been use cases for client certs, at least
in the academic community.
If I just want to do signed or encrypted email, PGP/GNU PrivacyGuard is a
compelling alternative.
Regards,
Joe
Disclaimer: all opinions purely my own.
More information about the cryptography
mailing list